How to ensure only Postini servers can send e-mails to your Postfix e-mail server for specific domains.
If you use Google's Postini service to filter viruses and spam (you should if you don't already have an alternative), you might sometimes wonder why that odd spam got through to your e-mail.
That's because if your e-mail server is open to the world, anyone can connect directly to its IP address and send the e-mail. Spammers and phishers use this to bypass any external mail filters you may have.
In any case, if you're running a shared host and only certain clients use Postini, you will have to configure Postfix to apply the rules to specific domains only.
In short you have to:
- Add to main.cf:
smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/recipient_checks
smtpd_restriction_classes = domain.com-restrictions
domain.com-restrictions = check_client_access pcre:/etc/postfix/domain.com-restrictions.pcre
- Create the file /etc/postfix/recipient_checks with values:
domain.com domain.com-restrictions
- Create the file /etc/postfix/domain.com-restrictions.pcre with values:
# Accept postini.com and its subdomains only (match on a label boundary)
/(^|\.)postini\.com$/ OK
# Everything else is rejected
/^.*/ REJECT
- Execute:
postmap /etc/postfix/recipient_checks
- Reload postfix:
postfix reload
For each additional domain, add the appropriate key and value to recipient_checks and add the restriction rules as per the domain.com example above.
The rules above require the client's reverse DNS name to end in "postini.com" (which is what Postini e-mail servers resolve to). All other clients are rejected by the catch-all rule.
Update 29/09/2011: Changed the rule slightly and added End of line ($) check on RDNS name.
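The following is an added example, not part of the original post: a simplified Python emulation of the two lookups configured above (recipient domain, then client hostname), comparing a pattern anchored only at the end of the name with one that also requires a DNS label boundary. The hostnames are constructed samples, and the recipient lookup is reduced to an exact domain match.

```python
import re

# Constructed copy of recipient_checks: recipient domain -> restriction class.
RECIPIENT_CHECKS = {"domain.com": "domain.com-restrictions"}

# Two candidate client tables (assumption: illustrative, first match wins).
LOOSE_RULES = [(r"postini\.com$", "OK"), (r"^.*", "REJECT")]
STRICT_RULES = [(r"(^|\.)postini\.com$", "OK"), (r"^.*", "REJECT")]

# Constructed (recipient, client hostname) pairs. Postfix uses the name
# "unknown" when the reverse lookup fails or is not forward-confirmed.
SAMPLES = [
    ("user@domain.com", "mx1.postini.com"),
    ("user@domain.com", "mail.example.net"),
    ("user@domain.com", "mail.notpostini.com"),
    ("user@domain.com", "unknown"),
    ("user@other.example", "mail.example.net"),
]


def client_access(rules, client_name):
    """Emulate a pcre: table lookup: case-insensitive, first match wins."""
    for pattern, action in rules:
        if re.search(pattern, client_name, re.IGNORECASE):
            return action
    return "DUNNO"


def check_recipient(rules, recipient, client_name):
    """Emulate check_recipient_access -> restriction class -> check_client_access."""
    domain = recipient.rsplit("@", 1)[-1].lower()
    if domain not in RECIPIENT_CHECKS:
        return "DUNNO"  # domain not listed: the client check never runs
    return client_access(rules, client_name)


def evaluate(rules):
    """Return the decision for every constructed sample, in order."""
    return [check_recipient(rules, rcpt, host) for rcpt, host in SAMPLES]


if __name__ == "__main__":
    rows = zip(SAMPLES, evaluate(LOOSE_RULES), evaluate(STRICT_RULES))
    for (rcpt, host), loose, strict in rows:
        print(f"{rcpt:20} {host:22} loose={loose:7} strict={strict}")
```

On a live server, `postmap -q <hostname> pcre:/etc/postfix/domain.com-restrictions.pcre` queries the real table the same way.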